I'd like to extend my configuration of postfix to be able to receive mail for my domain.
Currently, I've set up postfix as a smarthost which accepts mail after authentication and forwards it, dependent on the sender, to different servers (like gmail). That works well so far. I'd like to extend the configuration such that mail for my domain (mydomain.com) is accepted, too, but without the need for authentication (everybody should be allowed to send mail to users on that domain). The smarthost capability should remain. Postfix should hence take these 2 tasks:
- Act as a smarthost and forward mail with arbitrary recipients after successful client authentication
- Receive mail from arbitrary senders without authentication but with recipient on local domain
The current configuration (main.cf) is appended below. I think what I need to do is to change parameters of 'smtpd_client_restrictions' and 'smtpd_recipient_restrictions', but I'm not sure about that. If someone could confirm this, that already would help me a lot.
main.cf:
[...]
myhostname = mydomain.com
mynetworks = 127.0.0.0/8
mydestination = mydomain.com localhost localhost.mydomain.com
canonical_maps = regexp:/etc/postfix/canonical-redirect
home_mailbox = Mail/
# POSTFIX SERVER AUTHENTICATION
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noplaintext, noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_client_restrictions = permit_sasl_authenticated, reject
smtpd_recipient_restrictions = permit_sasl_authenticated, reject
smtpd_tls_security_level = encrypt
# SENDER DEPENDENT RELAYs
# relays
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
# auth
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_mechanism_filter = GSSAPI, DIGEST-MD5, CRAM-MD5, login, plain
smtp_tls_security_level = encrypt
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = noplaintext, noanonymous
#TLS
smtpd_tls_cert_file=/etc/ssl/cert.pem
smtpd_tls_key_file=/etc/ssl/cert.key
[...]
Edit: According to the comment of NickW, I modified the permissions to
smtpd_client_restrictions = smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unknown_recipient_domain, permit
To my understanding, this rule would first allow all mail from authenticated users, deny mail for recipients which aren't on mydomain and finally permit these mails. Is this correct so far?
However, postfix then complains about 'fatal parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit'. If I put a 'reject' AFTER the 'permit', postfix shows only a warning ('restriction 'reject' after 'permit' is ignored'), but the error isn't showing up...
permit_sasl_authenticated in both client and recipient, try smtpd_recipient_restrictions = reject_unknown_sender_domain as a start..

smtp_recipient_restrictions = reject_unknown_RECIPIENT_domain ?
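
One way to get both roles from a single smtpd, shown as an added example that is not part of the original question or its comments. It uses `reject_unauth_destination`, one of the restrictions the fatal error above asks for; `smtpd_tls_auth_only` and the `may` TLS level are choices assumed here, not settings from the asker's file.

```conf
# main.cf fragment (added example; replaces the smtpd_*_restrictions and
# smtpd_tls_security_level lines from the configuration in the question)

# No blanket "reject" at client level: unauthenticated servers must be able
# to connect in order to deliver mail for mydomain.com.
smtpd_client_restrictions =

# Restrictions are evaluated left to right and the first one that returns a
# decision ends the list.
#  1. permit_sasl_authenticated: authenticated clients may send to any
#     recipient (smarthost role).
#  2. reject_unauth_destination: everyone else is rejected unless the
#     recipient domain is one Postfix is responsible for (mydestination,
#     relay_domains, virtual_alias_domains, virtual_mailbox_domains).
# Anything that reaches the end of the list is permitted, so unauthenticated
# mail addressed to mydomain.com is accepted.
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_unauth_destination

# Why the list from the edit is unsafe:
#   permit_sasl_authenticated, reject_unknown_recipient_domain, permit
# reject_unknown_recipient_domain only rejects recipient domains that have
# no DNS A or MX record. Every resolvable foreign domain falls through to
# "permit", which makes the server an open relay.

# A server that receives mail from the public Internet cannot require
# STARTTLS from every sender, so offer TLS instead of enforcing it ...
smtpd_tls_security_level = may
# ... and only announce and accept AUTH once the session is encrypted, so
# the smarthost credentials are never sent in the clear.
smtpd_tls_auth_only = yes
```

After `postfix reload`, an unauthenticated session should get `Relay access denied` for a recipient outside mydomain.com and an accepted RCPT TO for a local user.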